Add "manage_api_key" cluster privilege #43728
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds a new cluster privilege for manage_api_key. Users with this privilege are able to create new API keys (as a child of their own user identity) and may also get and invalidate any/all API keys (including those owned by other users).
tvernum
added
>enhancement
:Security/Authorization
|
Pinging @elastic/es-security |
|
I still need to add this cluster privilege to the docs, but I wanted to get a PR up for review today. The docs might need to wait until next week. |
tvernum
added a commit
to tvernum/stack-docs
that referenced
this pull request
Jul 1, 2019
tvernum
added a commit
to tvernum/elasticsearch
that referenced
this pull request
Jul 1, 2019
Add the "Authorization" section to the API key API docs. These APIs require The new manage_api_key cluster privilege. Relates: elastic#43728
tvernum
added a commit
that referenced
this pull request
Jul 2, 2019
Add the "Authorization" section to the API key API docs. These APIs require The new manage_api_key cluster privilege. Relates: #43728
tvernum
added a commit
to tvernum/elasticsearch
that referenced
this pull request
Jul 2, 2019
This adds a new cluster privilege for manage_api_key. Users with this privilege are able to create new API keys (as a child of their own user identity) and may also get and invalidate any/all API keys (including those owned by other users). Backport of: elastic#43728
tvernum
added a commit
that referenced
this pull request
Jul 2, 2019
This adds a new cluster privilege for manage_api_key. Users with this privilege are able to create new API keys (as a child of their own user identity) and may also get and invalidate any/all API keys (including those owned by other users). Backport of: #43728
tvernum
added a commit
to tvernum/elasticsearch
that referenced
this pull request
Jul 2, 2019
Add the "Authorization" section to the API key API docs. These APIs require The new manage_api_key cluster privilege. Relates: elastic#43728 Backport of: elastic#43811
tvernum
added a commit
to elastic/stack-docs
that referenced
this pull request
Jul 4, 2019
Relates: elastic/elasticsearch#43728 Co-Authored-By: Lisa Cawley <lcawley@elastic.co>
tvernum
added a commit
to elastic/stack-docs
that referenced
this pull request
Jul 16, 2019
Relates: elastic/elasticsearch#43728 Co-Authored-By: Lisa Cawley <lcawley@elastic.co> Backport of: #395
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a new cluster privilege for
manage_api_key. Users with thisprivilege are able to create new API keys (as a child of their own
user identity) and may also get and invalidate any/all API keys
(including those owned by other users).
This also fixes a bug where the security index was accessed using the
authenticated user's context, which meant that only
superuserwasable to call these APIs. The API Key actions may now be called by any
user with
manage_securityormanage_api_key.Relates: #42020